Yahoo announced earlier today that a copy of some of its user account information was stolen from the company’s global network back in November 2014. They have confirmed that the information from some of Spark’s Xtra customers is included in the stolen data. We are working closely with Yahoo to identify any customers who may be affected.

Yahoo has no evidence that the stolen bcrypt-protected passwords or security questions and answers were used to gain unauthorized access to Spark accounts.

Yahoo has confirmed that the stolen account information may have included names, email addresses, telephone numbers, dates of birth, and hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.

Their investigation suggests that information did not include unprotected passwords.

Spark will be communicating directly with customers who we believe may have been impacted as soon as we have more information. We would like to remind all customers to change their password and security questions for their Xtra account and any other account on which you used the same or similar information.

To maintain a secure online profile, Spark advises all Xtra users to regularly update account settings with a strong, difficult-to-predict password. All Xtra customers who have not changed their password or security questions since 2014, or are unsure if they have, should do so now on the Spark website using this link: www.spark.co.nz/changepassword.

As previously announced, we are currently in the process of preparing to move all of our email system back home to New Zealand. A number of our customers have already received a request to register on the Spark website. We thank those customers who have already registered and encourage those who have not registered, to do so.

If you’ve already registered to have your email moved to SMX, you don’t need to do that again – any changes you make to your password will be applied to the new system.

Yahoo announced late last week that a copy of some of its user account information was stolen from the company’s global network back in November 2014. Yahoo has since confirmed that information from some of Spark’s Xtra customers is included in the stolen data.

Spark was notified on Friday and staff have been analysing the data provided by Yahoo to identify the Spark customers who Yahoo believe may be affected.

We take this matter very seriously and will be progressively communicating directly with these customers who may have been impacted, from today, and over the course of the next 48 hours. The number of email addresses potentially at risk is 130,000, which is around 15% of the total Xtra email address base.

Spark will be asking these customers to immediately change their passwords (if they haven’t already.)

Yahoo has told Spark it has no evidence that the stolen information has been used to gain unauthorised access to Spark accounts.

To maintain a secure online profile, Spark advises all Xtra users to regularly update account settings with a strong, difficult-to-predict password. All Xtra customers who have not changed their password since 2014, or are unsure if they have, should do so now on the Spark website using this link: www.spark.co.nz/changepassword.

As previously announced, we are currently in the process of preparing to move all of our email systems back home to New Zealand. If customers have already registered to have their email moved to SMX, they don’t need to do that again. Similarly if customers have changed their password as part of the SMX registration process they won’t need to do it again.

How does changing passwords fix the problem over the hacked security questions that may have been used on other services. Eg First pets name etc. If hackers have that info, they potentially could get access to other services with other providers, what is being done about that?

My main account came through with the right details but I got two emails with the other customer's details on my sub account. The way these batch emails are processed it is likely affecting many others.

Most newer providers don't provide email services. The problem is legacy providers have to continue the service.

Is there any reason why they have to continue a "free" service, other than a potential loss of a customer?

No, but there is fallout that will come from taking something away that used to be free. Remember, the GZ community feels passionate about these products and can pontificate on end about the merits of each type, but for many folks they really don't give a flying, as it's just a small part of their life.

Many small business people have spent $$$ putting contact details on their vans, cars, websites and so on. It may be just a business cost, but its money being diverted that could otherwise have been spent elsewhere - and it can be a real mish getting stuff changed?

Sound like I'm overegging? I invite anyone to close a product and manage the process of taking something away from businesses, and have to deal with the issues it creates. It's the best crucible in the world for learning empathy and the real of world of managing :-)